NC-AUTH-003
No tokens in OpenClaw log files
What this checks
Scans OpenClaw log files for accidentally logged credentials.
Why it matters
Tokens in log files persist on disk and may be exposed through log aggregation or shared access.
How to fix it
Configure log redaction for sensitive fields. See: https://clawvitals.io/docs/NC-AUTH-003
Technical details
| Field | Value |
|---|---|
| Control ID | NC-AUTH-003 |
| Domain | AUTH |
| Severity | High |
| Status | Experimental |
| Data source | log_scan |
| Source type | derived |
| Mode | Mode 1 (OpenClaw native) |
| Introduced in | Library v0.1.0 |
| OWASP LLM 2025 | LLM02: Sensitive Information Disclosure |
False positive notes
May match non-token strings in logs. Higher false-positive risk than authoritative checks.
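A sketch of the kind of pattern-based log scan described here, and of why a match is not necessarily a token. This is an added example, not ClawVitals' own implementation: the two patterns, the entropy threshold and the sample log lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed patterns for illustration; the control's real rule set is not shown on this page.
PATTERNS = {
    "bearer": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/-]{20,}=*)"),
    "key_value": re.compile(
        r"(?i)\b(?:token|api[_-]?key|secret|password)\b\"?\s*[=:]\s*\"?([^\s\"',;]{16,})"
    ),
}
MIN_ENTROPY = 3.5  # bits per character; assumed triage threshold

# Constructed sample log lines (not real OpenClaw output).
SAMPLE = [
    "2025-01-01T10:00:00Z INFO gateway started port=8080",
    "2025-01-01T10:00:01Z DEBUG headers Authorization: Bearer q8Zr2LmX0vKc7TnB4sYh9PdWf3Ju6EaG",
    "2025-01-01T10:00:02Z WARN config loaded api_key=xxxxxxxxxxxxxxxxxxxxxxxx (placeholder)",
]


def shannon_entropy(s):
    """Bits per character; random tokens score high, placeholders low."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_lines(lines):
    """Return (line_no, rule, masked_value, likely_token) per candidate match."""
    findings = []
    for no, line in enumerate(lines, 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1)
                masked = value[:4] + "*" * (len(value) - 4)  # never echo the full value
                findings.append((no, rule, masked, shannon_entropy(value) >= MIN_ENTROPY))
    return findings


def redact(line):
    """Replace the captured value (always the tail of the match) with a marker."""
    for rx in PATTERNS.values():
        line = rx.sub(lambda m: m.group(0)[: m.start(1) - m.start(0)] + "[REDACTED]", line)
    return line


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE):
        print(finding)
```

The placeholder on line 3 still matches the pattern but scores zero entropy, which is the kind of hit to review before treating it as a leaked credential.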
Suppress this finding
If this finding is intentional or not applicable to your setup, you can exclude it:
clawvitals exclude NC-AUTH-003 reason "your reason here"
Exclusions are auditable and expire automatically. See the exclusions guide.